Obsidian Security, a leader in SaaS security, is unveiling SaaS AI agent defense, a first-of-its-kind solution aimed at controlling how autonomous AI agents access corporate SaaS applications. As enterprises rapidly adopt AI agents—ranging from Microsoft Copilot Studio to ChatGPT Enterprise—security gaps in SaaS environments have become a prime target for cyberattacks.
Recent incidents highlight the stakes. In the Salesforce attack (UNC6040), threat actors leveraged voice phishing to run bulk API queries and steal data at scale. The Salesloft Salesforce supply chain breach (UNC6395) showed how a single compromised chatbot could propagate access across multiple SaaS platforms—including Google Workspace, Slack, Amazon S3, and Microsoft Azure—exposing hundreds of enterprises to cascading risk.
The challenge grows as AI agents become pervasive. Platforms like Salesforce Agentforce, n8n, and low-code tools enable employees to deploy agents that autonomously query data, execute decisions, and chain tasks—often with broad privileges and long-lived tokens. If compromised, these agents can exfiltrate sensitive data and move laterally through SaaS ecosystems at machine speed.
“87% of enterprises have Microsoft Copilot enabled, and more than half of AI agents access sensitive data,” said Hasan Imam, CEO of Obsidian. “90% are over-permissioned and move 16 times more data than humans. These aren’t theoretical risks—they’re happening in enterprises today, often unnoticed.”
Why Traditional Security Falls Short
Conventional tools struggle to track machine-driven activity at scale, contextualize permissions, or enforce controls fast enough to contain autonomous agents. Sunil Seshadri, EVP and CSO at HealthEquity and Obsidian board member, emphasizes the speed factor: “AI agents can trigger workflows across multiple SaaS apps in seconds. Obsidian flips the dynamic, detecting issues near real-time—faster than most traditional security tools—so teams can intervene before damage spreads.”
How Obsidian AI Agent Defense Works
At the heart of the solution is Obsidian’s Knowledge Graph, powered by over 500 curated SaaS threat datasets, browser-based activity capture, and deep AI/SaaS integrations. The continuously learning model unifies user and agent activity, privileges, and workflows, delivering a live, correlated map of enterprise SaaS environments.
Khanh Tran, Chief Product Officer, explained: “Our Knowledge Graph revealed AI agents typically have ten times more permissions than needed compared to real user entitlements. By integrating platforms like Microsoft Copilot Studio, n8n, Salesforce Agentforce, and ChatGPT Enterprise, security teams finally gain visibility into agent behavior, stop risks proactively, and allow innovation without compromising governance.”
Key Capabilities
- Live Visibility & Access Cleanup: Inventory every AI agent, its permissions, connections, and actions, enabling full lifecycle oversight and removal of excessive privileges.
- Continuous Observability & Compliance: Trace AI agent access across SaaS platforms, linking entitlements to actual actions with correlated audit trails.
- Prevent Misuse & Privilege Escalation: Detect and block agents attempting to exploit trust chains or escalate privileges before incidents cascade.
Obsidian’s AI agent defense represents a significant step for enterprises seeking to scale AI responsibly, addressing an often-overlooked blind spot in SaaS security while enabling safe adoption of autonomous AI workflows.
Power Tomorrow’s Intelligence — Build It with TechEdgeAI
